Poor Man's PKI: Difference between revisions
Jump to navigation
Jump to search
(Created page with "Openssl") (change visibility) |
No edit summary (change visibility) |
||
(2 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
[[Openssl]] | [[Openssl]] | ||
<syntaxhighlight lang="console"> | |||
Mkdir root | |||
Mkdir leaf | |||
#create root - asks for cn parameters and pem password | |||
openssl req -new -x509 -days 3650 -out root/cert.crt -out root/rootcert.crt -keyout root/rootprivkey.key | |||
#create new leaf private key - not encrypted! | |||
openssl genrsa -out leaf/privkey.key 2048 | |||
#create new leaf request based on private key, provide parameters and challenge password | |||
openssl req -new -key leaf/privkey.key -out leaf/someserver.csr -config openssl.cnf | |||
#sign the leaf with the root | |||
openssl x509 -req -in leaf/someserver.csr -CA root/rootcert.crt -CAkey root/rootprivkey.key -out leaf/someserversigned.cer -days 365 -sha256 -Cacreateserial | |||
</syntaxhighlight> |
Latest revision as of 15:12, 12 April 2018
Mkdir root
Mkdir leaf
#create root - asks for cn parameters and pem password
openssl req -new -x509 -days 3650 -out root/cert.crt -out root/rootcert.crt -keyout root/rootprivkey.key
#create new leaf private key - not encrypted!
openssl genrsa -out leaf/privkey.key 2048
#create new leaf request based on private key, provide parameters and challenge password
openssl req -new -key leaf/privkey.key -out leaf/someserver.csr -config openssl.cnf
#sign the leaf with the root
openssl x509 -req -in leaf/someserver.csr -CA root/rootcert.crt -CAkey root/rootprivkey.key -out leaf/someserversigned.cer -days 365 -sha256 -Cacreateserial